JMeter performance testing with different grant types offered by WSO2 APIM — Part 1 (Authorization_Code grant type)

Chamindu Udakara
API Integration Essentials
7 min read · Sep 14, 2020


Introduction

WSO2 API Manager 3.1.0 supports several grant types, including the basic grant types offered by the OAuth2 framework. In OAuth2, the term grant type refers to the way a client application acquires an access token, depending on the type of the resource owner, the type of the application, and the trust relationship between the authorization server and the resource owner. When performing load tests and other types of performance testing against WSO2 APIM with JMeter scripts, access tokens must be generated for pre-registered applications using a particular grant type. For that, we cannot simply perform the steps we usually perform to generate tokens using the APIM GUI.

Prerequisites

  1. Start the WSO2 API Manager 3.1.0 server.
  2. Download JMeter from https://jmeter.apache.org/download_jmeter.cgi. (Follow https://medium.com/@cudakara/how-to-install-jmeter-in-ubuntu-20-04-7e4d30c42551 to install JMeter properly on Ubuntu.)
  3. Run JMeter.
  4. Log in to the API Manager Publisher portal and deploy an API. (You can use the sample API provided by WSO2.)
  5. Log in to the Dev portal as the Admin user.

Steps to generate an access token with the Authorization_code grant type

1. Create an Application in the Dev portal.

2. Generate keys for that application in the Dev portal with Authorization code grant type.

When you generate keys for an app, you select checkboxes for the required grant types. For this application, the client-credentials grant type must be selected along with the Authorization Code grant type. A callback URL, valid or invalid, must also be provided when generating keys for this grant type.

3. Click the “GENERATE KEYS” button and extract the consumer key and consumer secret.

These steps must be completed before starting to script with JMeter. Once they are done, move on to the JMeter GUI.

4. Add a thread group in the JMeter GUI and rename it “Authorization Code”.

5. Create a request to the authorize endpoint.

To achieve this, complete the following steps.

  1. Create an HTTP request using the JMeter GUI (Authorization_Code > Add > Sampler > HTTP Request) and rename it “Send a request to authorize endpoint”.
  2. In the HTTP Request window, under the “Basic” configuration, provide the following settings.

Protocol: https

Server Name or IP: localhost (or whatever the hostname of the Gateway node is)

Port Number: 8243 (or the authorized port number of the server)

HTTP Request Method: GET

Path: /oauth2/authorize

3. Then, using the GUI, add the following parameters and their respective values.

client_id: [Extracted consumer key from Devportal GUI]

redirect_uri: [Callback URL provided when generating keys with the Dev portal GUI]

response_type: code

After the above configuration, the JMeter GUI should look similar to the following image.

4. Add a response assertion to the “Send a request to authorize endpoint” HTTP request created above (HTTP Request > Add > Assertion > Response Assertion) and provide details as follows.

Apply to: Main samples only

Field to Test: Response Headers

Patterns to Test: HTTP/1.1 200

5. Add an XPath extractor to the “Send a request to authorize endpoint” HTTP request created above (HTTP Request > Add > Post Processor > XPath Extractor) and provide details as follows.

6. Create the Common Auth Login HTTP request.

To achieve this, complete the following steps.

  1. Create an HTTP request using the JMeter GUI (Authorization_Code > Add > Sampler > HTTP Request) and rename it “Common Auth Login HTTP Request”.
  2. In the HTTP Request window, under the “Basic” configuration, provide the following settings.

Protocol: https

Server Name or IP: localhost (or whatever the hostname of the Gateway node is)

Port Number: 8243 (or the authorized port number of the server)

HTTP Request Method: POST

Path: /commonauth

3. Then, using the GUI, add the following parameters and their respective values.

username: [Admin username of that particular tenant]

password: [Admin password of that particular tenant]

sessionDataKey: ${sessionDataKey}**

** (The value for this field is extracted automatically by the XPath extractor added to the previous request.)

After the above configuration, the JMeter GUI should look similar to the following image.

4. Add a response assertion to the “Common Auth Login HTTP Request” HTTP request created above (HTTP Request > Add > Assertion > Response Assertion) and provide details as follows.

Apply to: Main samples only

Field to Test: Response Headers

Patterns to Test: HTTP/1.1 200

5. Add an XPath extractor to the “Send a request to authorize endpoint” HTTP request created above (HTTP Request > Add > Post Processor > XPath Extractor) and provide details as follows. Rename that XPath extractor as follows for clarity when running these tests.

** The value extracted here is a required body parameter for the next request.

7. Create a request to get the authorization code.

To achieve this, complete the following steps.

  1. Create an HTTP request using the JMeter GUI (Authorization_Code > Add > Sampler > HTTP Request) and rename it “Get Authorization Code”.
  2. In the HTTP Request window, under the “Basic” configuration, provide the following settings.

Protocol: https

Server Name or IP: localhost (or whatever the hostname of the Gateway node is)

Port Number: 8243 (or the authorized port number of the server)

HTTP Request Method: POST

Path: /oauth2/authorize

3. Then, using the GUI, add the following parameters and their respective values.

consent: approve

sessionDataKeyConsent: ${sessionDataKeyConsent}** (The value for this field is extracted automatically by the XPath extractor added to the previous request.)

After the above configuration, the JMeter GUI should look similar to the following image.

4. Add a response assertion to the “Get Authorization Code” HTTP request created above (HTTP Request > Add > Assertion > Response Assertion) and provide details as follows.

Apply to: Main samples only

Field to Test: Response Headers

Patterns to Test: HTTP/1.1 302

5. Add a Regular Expression Extractor to the “Get Authorization Code” HTTP request created above (HTTP Request > Add > Post Processor > Regular Expression Extractor) and provide details as follows. Rename that extractor as follows for clarity when running these tests.

** The value extracted here is a required body parameter for the next request.

8. Create a request to get the access token.

To achieve this, complete the following steps.

  1. Create an HTTP request using the JMeter GUI (Authorization_Code > Add > Sampler > HTTP Request) and rename it “Get access token”.
  2. In the HTTP Request window, under the “Basic” configuration, provide the following settings.

Protocol: https

Server Name or IP: localhost (or whatever the hostname of the Gateway node is)

Port Number: 8243 (or the authorized port number of the server)

HTTP Request Method: POST

Path: /oauth2/token

3. Then, using the GUI, add the following parameters and their respective values.

client_id: [Extracted consumer key from Devportal GUI]

client_secret: [Extracted consumer secret from Devportal GUI]

redirect_uri: [Callback URL provided when generating keys with the Dev portal GUI]

grant_type: authorization_code

code: ${code}** (The value for this field is extracted automatically by the Regular Expression Extractor added to the previous request in step 7.5.)

After the above configuration, the JMeter GUI should look similar to the following image.

4. Add a response assertion to the “Get access token” HTTP request created above (HTTP Request > Add > Assertion > Response Assertion) and provide details as follows.

Apply to: Main samples only

Field to Test: Response Headers

Patterns to Test: HTTP/1.1 200

5. Add a Regular Expression Extractor to the “Get access token” HTTP request created above (HTTP Request > Add > Post Processor > Regular Expression Extractor) and provide details as follows. Rename that extractor as follows for clarity when running these tests.

** This extractor retrieves the access token issued by the Key Manager of APIM, which is required to invoke the API.

* The value extracted here is a required body parameter for the next request.

9. Using this extracted token, the user can now create a request to invoke APIs in order to run JMeter performance tests.
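
An added example, not part of the original post or its JMeter plan: a Python model of what the extractors in steps 5 to 8 pull out of each response (sessionDataKey, sessionDataKeyConsent, code, access token), run over constructed sample responses. The hidden-field layout of the login and consent pages, the callback URL and every sample value are assumptions; the redirect check and error check on the 302 go beyond what the post configures.

```python
import json
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

REDIRECT_URI = "https://localhost/callback"  # assumed callback registered in the Dev portal

class HiddenInputs(HTMLParser):
    """Collect name -> value for every <input type="hidden"> in a page."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def hidden_field(html, name):
    """Role of the XPath extractors: pull one hidden form field, fail loudly if absent."""
    parser = HiddenInputs()
    parser.feed(html)
    if name not in parser.fields:
        raise ValueError(f"{name} not found in response body")
    return parser.fields[name]

def code_from_location(location, expected_redirect=REDIRECT_URI):
    """Role of the step 7.5 extractor, plus a check that the 302 targets our callback."""
    parts = urlsplit(location)
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if base != expected_redirect:
        raise ValueError("302 Location does not match the registered redirect_uri")
    query = parse_qs(parts.query)
    if "error" in query or "code" not in query:
        raise ValueError("authorization response carries no code")
    return query["code"][0]

def access_token(body):
    """Role of the step 8.5 extractor: parse the token JSON rather than pattern-match it."""
    return json.loads(body)["access_token"]

# Constructed sample responses (not captured traffic) for steps 5, 6, 7 and 8.
LOGIN_PAGE = '<form action="/commonauth"><input type="hidden" name="sessionDataKey" value="sdk-1234"/></form>'
CONSENT_PAGE = '<form action="/oauth2/authorize"><input type="hidden" name="sessionDataKeyConsent" value="sdkc-5678"/></form>'
LOCATION = "https://localhost/callback?code=abc123&session_state=xyz"
TOKEN_BODY = '{"access_token":"tok-9","token_type":"Bearer","expires_in":3600}'
```

A failed extraction raises here instead of passing an empty variable to the next request, which in a load test would otherwise surface only as unexplained errors at the token endpoint.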
